Idiotic libel from the ‘Skeptical Science’ crowd

From the “Collin Maessen is a now a fair game legal target” department and the “SkS double secret publicly browsable Tree-hut archives”, comes this unsupportable claim of ‘criminal hacking’ by Brandon Shollenberger.

My Hidden Information

by Brandon Shollenberger.

Some Skeptical Science members have been publicly accusing me of criminal hacking. None of them say just what it is I did that would be considered hacking. This is strange as I’ve explained just what I did. It should be easy for them to point to the illegal aspect. Instead, one of them (Collin Maessen) recently said:

I know exactly what you did and what you didn’t share about what you did. The details that you didn’t share would make it rather obvious that it was hacking. Even though it was at the script kiddie level.

If we’re to believe Maessen, I’m not just a criminal, I’m a liar too. Of course, Maessen refused to say what I “didn’t share.” If I held back information like he claims, it would be easy to prove. Why won’t he? Why won’t anyone from Skeptical Science? They claim it is obvious I lied and hacked. They just won’t give anyone the information which shows such. They’re doing so even when it requires violating their own moderation policies:

When making any claim provide references (links if possible). Failure to do so can result in the comment not going through moderation….
When asked to clarify an argument or point please respond; this isn’t optional.
Claims that are factually incorrect will not be allowed.

I don’t get that. Maessen accused me of a criminal offense, and he refuses to provide the slightest shred of evidence or information for his accusation. He apparently expects people to just take his word for it, even while he’s being completely hypocritical. Très bizarre.

Oh well. Since the Skeptical Science crowd doesn’t care to provide any information or evidence, I will. I’ve uploaded a list of every link I collected from the Skeptical Science forum. I collected these links by using URLs in the form of: http://sksforum.org/thread.php?p=X where X was a number.

You can see the numbers I used in the list (1-18633) along with the page I was redirected to. This is a list of links posted on the secret-secret Skeptical Science forum. You could have gotten any of these links by plugging their number into the URL I gave above.

You’ll note, many of the entries are given for a domain “secretdomain.org.” This isn’t the actual domain. I’ve replaced the domain of their secret-secret-secret forum with that because of certain concerns. It doesn’t matter because you wouldn’t be able to access anything on the site anyway. If you could though, this would be the link to look for:

2929 http://secretdomain.org/tcp_results.php

If you plugged that in, you’d have direct access to a page that looked like:

I don’t know what information I’m supposedly hiding, but I’ll provide some more. Here are a couple links showing what sorts of things I tried to access:

The first two of those required logging in to access. The third and fourth did not. That’s hardly surprising as many sites make documents and images directories publicly accessible so the material in them can be shared. Given some things were blocked and others were not, it is reasonable for a person to try various links to see what they’re allowed to see. Apparently, the Skeptical Science crowd thinks that’s hacking.

While those links no longer work, they are the images I discussed in this post. They provide the identities of 12 of the raters for the Cook et al consensus paper. In that post I said:

This one also identifies nearly a dozen individual participants. It’s true we only found out about these images because of a hack, but that hack happened nearly two years ago. Surely the authors of the paper shouldn’t leave confidential information in a publicly accessible location for two years, even if people have already seen it.

But it’s worse than that. Not only were the images publicly accessible for nearly two years after being discovered, John Cook continued to make it possible for anyone to find links to them. Plus, the links I collected only begin after the original forum was hacked. Who knows if we could have found the same links via the original forum?

Incidentally, you may have noticed one of the links I mentioned being able to access had a number in it. As you may have guessed, there were a series of pages in the form of http://secretdomain.org/docs/rebuttal_status/X.details.htm. I scraped a number of them (392?), but they didn’t contain anything interesting. It was just some proofreading information about various posts at Skeptical Science.

That’s it. There’s no more information to disclose. I don’t know what the Skeptical Science crowd thinks I’m hiding, and I suspect it doesn’t exist.

And hey, now you can see ~18,000 pages the Skeptical Science group discussed!

It seems that the Downunder Children are at play. So far, nothing of serious academic interest has appeared from this crew, and it is time for them to put on their big-boy britches and join the adult world. Hack? Hardly!

The “Skeptical Science group” is composed of some of the stupidest people I have ever encountered in my long, long life. And yet, they get vast amounts of funding from our federal government … hmmmmm … perhaps that tells us something about the modern “science” system.

I have long maintained that if the government is paying for it — it has a small chance of being real science.

I thought it more than a little humorous you were accused in “I know what you did” comment (too funneee) of “kiddie (level) hacking” surely that is a self deprecating admission of skill deprivation on the part of the complainant?

If you were to place CAGW evangelists and those that are labelled sceptics in two groups on a footy field – “spot the nutter” would be somewhat disproportionately weighted.

“Ethel, have you seen my tinfoil hat?” “I cant find my tinfoil hat”…Nice to start the day with a smile..

Criminal defamation is a crime in Australia and the Queensland Police police should be investigating the false allegations of criminal conduct made by SKS against Brandon. Refer to the exert from the Queensland Criminal Code Act. What’s more I have made trolls pedaling these malicious allegations that they may be committing a crime:

Chapter 35 Criminal defamation
365 Criminal defamation
(1) Any person who, without lawful excuse, publishes matter defamatory of another living person (the relevant person)—
(a) knowing the matter to be false or without having regard to whether the matter is true or false; and
(b) intending to cause serious harm to the relevant person or any other person or without having regard to whether serious harm to the relevant person or any other person
is caused;
commits a misdemeanour.
Maximum penalty—3 years imprisonment.
(2) In a proceeding for an offence defined in this section, the accused person has a lawful excuse for the publication of defamatory matter about the relevant person if, and only if,
subsection (3) applies.
(3) This subsection applies if the accused person would, having regard only to the circumstances happening before or at the time of the publication, have had a relevant defence for the
publication if the relevant person had brought civil proceedings for defamation against the accused person.

“If we’re to believe Maessen”
Well that is where your premise falls down, of course.

That little [autosnip] booted me off his youtube channel when I dared to contradict him.
They really do live in a paranoid world these people. I imagine he checks under the bed six times each night to make sure there are no ‘deniers’ under there sapping his precious bodily fluids. Purity of Essence and all that…

hunter, your comment is funny because I much prefer darkness. I’d happily never go outside in the daytime if I could, and I barely use any light in my room.

noloctd, I’m not sure if “essentially clueless” goes far enough.

Cooper, fundraising for what?

Shawn from High River, I certainly have grounds for a libel lawsuit. I have grounds against several people based solely upon their public communication. There is private communication (such as some currently being requested via FOI) that could possibly give grounds against people too. It wouldn’t be worth it though, and I don’t approve of lawsuits for relatively trivial things.

cnxtim, part of me wants to be offended by that “script kiddie level” remark. If I had actually hacked them, I’d like to think I could do better than that.

Gunga Din/mod, the problem might be mixing gup the WUWT title with the title of my post. They both use the same font, so a person might click the bottom one thinking it is a separate post.

Richo. even if that is possible, I wouldn’t support it in the slightest.

Dave, no offense to Anthony, but I think I need the encouragement more. He’s not being libeled here :P

Brandon, well played. Very well played.
Don’t publicly give up your lawsuit potential. FUD can be a useful political tool. Warmunists* use it all the time.
*My new term for CAGW believers, modeled on an analogy to Communists believing in Karl Marx’ economic pseudo ‘science’ in Das Kapital that ignored incentives. Even the warmunist tactics are similar. Posted that analogy in more explicit detail at CE, and have written an essay on it for a maybe forthcoming book on climate and energy policy.
Regards

Rud Istvan, thanks. I have no problem giving up potential for a lawsuit in this though. A lawsuit over backhanded accusations like these in blog posts that only a small number of people read would be stupid and petty.

It’s not like this was one of Dana Nuccitelli’s pieces in The Guardian. If the Skeptical Science group decided to start repeating the claim in things like that, legal action might have some merit.

BruceC, it was a cleverly hidden trap so I could engage in more hacking!

Basically, for a hack to be criminal, it has to access protected government or financial information, or be for financial gain exceeding $5,000, or be with intent to cause damage.

If I understand everything correctly, the only clause which could possibly apply to Brandon Schollenberger is:
“intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage;”
but in this case it would appear that the only damage is to their cause, and it’s passive (ie, exposure of the cause itself and its lack of foundation) not active. At this point I suppose that the legal definition of “damage” needs to be checked. I doubt that any illegality can be found.

Brandon, I’d have a talk to a lawyer in your position. I’m not a legal expert, but I am a software developer, so I have some familiarity with the legal side of hacking.

The issue is some devestating hacks can be achieved by slightly modifying the http:// address of a web page.

For example, if a website suffers a SQL injection vulnerability http://en.wikipedia.org/wiki/SQL_injection , a very common security hole, simply adding a single quote character to the http:// address of the website can cause the code to malfunction, and to display data which was not meant to be revealed.

Therefore the definition of hacking is to my understanding very broad, and includes intentionally modifying the http:// address of a web page to gain access to non public data.

I don’t think what you did qualifies on other counts, such as the test for financial advantage or whatever “harm” you are supposed to have done, but IMO its not impossible SkS could cause some grief for you, so it would be well to have a prepared response in case anything comes of this.

Anyone with a knowledge of computer science can hack a computer without that person knowing. That’s what a computer expert told me once. The governments do it regularly. Copying of course can be construed as stealing or comes under intellectual property. (Intellectual might be a strong word for this mob). Someone made death threats once on a blog, and the cops just laughed.
Intimidation though is also a crime. Gud luck maybe Bob Morrison has something to believe when you uncovered his involvement and posting on this blog as Rusty.

Eric Worrall, one can attempt to hack by modifying a URL, but that doesn’t mean modifying a URL to access material is inherently hacking. Put simply, it’s hacking if you modify the URL to be something you know wouldn’t be a legitimate request. Otherwise, it’s okay. If you want more detail, check out this post (and the comments on it).

Mike Jonas, if material is on a public server and no steps are taken to prevent access to it, the public is considered authorized to access it.

bushbunny, that is an exaggeration of what can be done via hacking. It basically requires the victim have lax security.

Considering the Cook 97% paper, where they proved that even simple math was beyond their capability, I doubt they could secure a garbage can during a garbage strike. Hacking? I only wish that was the extent of the real ones.

Brandon Shollenberger… bushbunny, that is an exaggeration of what can be done via hacking. It basically requires the victim have lax security.

Not so. One well known hack is a “drive by” hack, in which a user’s computer is hacked simply by the act of them looking at a malicious website. There is a delay between hackers discovering an exploit, and software vendors delivering a patch. So even someone who makes a conscious effort to stay up to date is still potentially vulnerable.

For example, look at the arms race between people who want to root (gain unrestricted access) to their mobile phones, and vendors patching the security flaws which allow such access. Apple have lifted their game lately, but at one point they took so much time to patch a security flaw in the iPhone Safari browser, that hackers started offering “drive by” websites to deliver root access – simply looking at the website using your iPhone rooted the phone.

A while ago I needed to prepare some rooted Android phones for a client, who needed capabilities which Android couldn’t deliver “out of the box”. It took me less than an hour to find a tool which could break the phone’s security (in this case I used a Gingerbread hack which exploited a security flaw in the phone’s PC sync toolkit).

I’m not a skilled hacker, I know the theory, I’ve just never bothered honing the practical skills. But I know enough about it to understand what is possible.

Governments have repeatedly been accused of researching and hoarding critical security flaws – so what bushbunny said, about governments regularly dipping into consumer devices, is quite likely correct – at least in the case of devices owned by people who attract their interest.

@Eric Worrall says:
There was extensive discussion about the issue by lawyers see the prior discussion on this at least under US laws. It is definitely a data breach as defined by Wikipedia (http://en.wikipedia.org/wiki/Data_breach) but criminality is very different under different countries laws and here we have possibly two very different laws at play Australian v USA. I would like to see the legal argument around a negligence case here around the website and/or it’s administrators as well if we are going to claim there is some sort of damages. Certainly under USA law if they went after Brandon I would suspect he would have a counterclaim back at SkS but no doubt the lawyers could fill in the details.

You want to call it a hack then fine go ahead but don’t assume that implies any sort of criminality and the bigger question you haven’t addressed is what was the damage and how is it being valued? The damage situation in a credit card number theft or the like is easy the damage in this sort of arena is going to interesting to try and justify.

I suspect this whole thing has blown up in the face of SkS and University of Queensland and so far all they have got from it is a pile of bad press.

I guess that is a question for you Brandon has your legal advice broken down the letter from University of Queensland. To me it reads like a commercial damages claim and the author does appear to be a commercial lawyer the whole privacy side which would come criminal code doesn’t get a run. I guess the whole privacy thing would probably get tossed under the standard “matters or activities which may reasonably be of public interest” and one would have a hard time arguing that knowing who reviewers of a paper was an invasion of someones “right to be left alone”.

This University of Queensland are acting like a load of students. Academics seem to think if you disagree with them or challenge a concept you are not only breaching confidentiality, but are a rogue student or academic. The only discipline that can be applied is within the university. Usually dismissal or an academic’s tenure not renewed. But if a student complains to the university, well of course that is pushed under the carpet.

Seems as if one, or some of the kiddies keeps on leaving the back door open to the SkS cubby-house.

John Cook, 23 February 2012;Got an email from Brian P this morning saying that the whole forum was publicly available to him, even when he wasn’t logged in. I checked and this was true. A little panicky, I investigated and worked out that all the permission levels of each forum had been set down to zero. Normally, they’re set so only authors can access most of them, except the translator forum is also accessible to translators. Strangely though, there is an admin forum that only admins can access and that wasn’t set to zero – it was still set so only admins can access it.

I have no idea how this happened. Several possibilities come to mind. First, I did it by accident when I was screwing around with the database sometime. Someone with admin access (there are about half a dozen SkSers with this access) made the change. Or we were hacked in some way and the hacker changed the levels. None of the options seem likely to me but the most likely is human error on my part although the fact that the admin forum was still set at admin level belies some kind of blanket wiping of all levels.

So I’m a little freaked out – it’s not knowing how this happened that has me most worried. Has anyone been looking at the forum and how long has this been available? But I’ve been procrastinating some of those security measures that have been suggested to me and as soon as I get to work this morning, am going to implement some of those measures.

Memo to John Cook: one of the first levels of security is to shut and lock the back door to the cubby-house. Isn’t that what you were going to do two and a half years ago and yet you/they still keep it open. Sounds like a good spanking is in order.

Eric Worral says:
“Therefore the definition of hacking is to my understanding very broad, and includes intentionally modifying the http:// address of a web page to gain access to non public data.”

If that is true I think there are very few people on the net who are not hackers. For example: you find something interesting via Google, and then “back-strip” the adress one step to see if there is anything else interesting. Pretty often you get an unprotected directory listing. Is that a “hack”? And how do you know whether something freely available like that is “non public”? At least in Sweden where I live You have to provide a text that explicitly warns that something is not public, otherwise accessing it isn’t illegal.

Brandon “Mike Jonas, if material is on a public server and no steps are taken to prevent access to it, the public is considered authorized to access it.“. I don’t doubt that, but thought I’d try to check what the law specifically said.

Anyone with a knowledge of computer science can hack a computer without that person knowing.
——————-
Not quite .. all the ‘person’ needs is a firewall with logging turned on – every connection that comes through is logged then you will know there has been an attempted hack, all modern Windows XP+ have firewall built-in, in W7 and later it is turned on by default.

So unless the hacker is really good and can get around hardware or software firewalls, then computers hackers need to have a server installed on the target computer to get around the firewall. This is why you get all the phishing type emails, or a drive-by website might install something bad on your computer if you follow a bad link.

So having a knowledge of computer science is not all that is needed (Computer ‘science’ is not a necessity with modern hacking tools) and you need hacking software/tools.

All that Brandon did on SkS is what Google does everyday to enhance its databases, that is how the SkS image folder ended up on Google long before it got ‘hacked’

If you own a website, you have to tell search engines which folders you do NOT want it to index. Otherwise it will go for everything that is accessible.

If you genuinely believe that SkS has been hacked, then you better not go near it again until you are absolutely certain there is no malware installed on there.

It may get even more interesting because although SkS website was domain is listed to TPP wholesale an Australian company with the owner being John Cook a quick traceroute will tell you the servers are virtualized and hosted in USA.

Oh the lawyers will love this one because I am guessing that puts jurisdiction firmly under USA law.

LdB@Eric Worrall says:
There was extensive discussion about the issue by lawyers see the prior discussion on this at least under US laws. … You want to call it a hack then fine go ahead but don’t assume that implies any sort of criminality …

Absolutely, this would be a very difficult charge to make stick, in this case.

… and the bigger question you haven’t addressed is what was the damage and how is it being valued? The damage situation in a credit card number theft or the like is easy the damage in this sort of arena is going to interesting to try and justify.

I did mention this. My point is not that I think anyone could successfully prosecute Brandon, my concern is the SkS weirdos, backed by a sympathetic Obama administration, could potentially make life difficult for Brandon for a while. You don’t have to be guilty of anything, for a politically motivated witch hunt to create a lot of inconvenience in your life.

My suggestion was that Brandon have a response prepared, in case of this eventuality.

Hack all you want. My life is pretty boring. What would they use anyway? Anybody with any sense at all, and computers are cheap enough, has one they go online with, and the other never sees the internet. You can’t image how fast windows 95 is without the net.

Tim Hammond says:
June 10, 2014 at 2:56 am
I just don’t get it – what was so secret?

If they have nothing to hide, why would they get so excited about this? Surely this is all just more solid evidence for their claims?

It’s science, it’s supposed to be open and transparent isn’t it?
————————————————
This is SKS we’re talking about here, right?
They don do no steenking science.
Science, sks?
How, where and when does it start?
cn

Brandon, Eric might be right .
I hope you have your taxes and the rest of your life in order.
Time to cya.
They have ways of finding your skeletons and controlling your actions.
Here come the IRS, the FBI and Homeland Security.
Are you now one of Obama’s enemies?
cn

I’m reading a book called Queen Bees and Wannabes. It’s about the behavior of teen and pre-teen girls (yes, I have a daughter in that category). The description in this book of how a pre-teen behaves when she’s confronted with her bad behavior is remarkably similar to the behavior of Mr. Maessen.

Hacking is exactly what SkS and company think is possible and what we should be doing TO the climate. If we could just decide on what ppm of CO2 to drive it to, and what global temp would be best for us guests here on this rock. Perhaps a UN vote could decide that. Meanwhile, a very large portion of low info climate followers this Sks is actually skeptical. Ugh.

Did you find any more taxpayer funded SS day dreams during your ‘hack’?

Quite why you worry about what these Teenage Tank Commanders think about what you did or didn’t do is beyond me. Any credibility they may have had dissipated about the time they were caught ‘dressing up’.

Maessen is calling you more than a criminal and a liar. He also claimed you are inept (at the script kiddie level).

I doubt he recognizes who is the childest “kiddie level” one in this exchange. SkS was one of the very first sites I visited when I started following the climate change discussion. I’m convinced they have created more skeptics than any other single source.

“In other words, two-thirds of the articles expressed no opinion about the human causation of climate change, while the one-third that did were twisted by Cook into a simpleminded tautology: Among all the scientists who agree with the “consensus” are all of the scientists who agree with the consensus. Cook, incidentally, refused to share how he and his graduate students coded the 11,000 abstracts, which is reminiscent of the East Anglia cabal and their withholding of tree ring data. But as with the East Anglia group, someone at the University of Queensland left the data on the Internet, where blogger Brandon Shollenberger came across it and starting noting its weaknesses. The predictable happened: The University of Queensland claimed that the data had been hacked, and sent Shollenberger a cease-and-desist letter. Nothing bespeaks confidence and transparency like the threat of lawsuits.

The only real surprise about Cook’s conclusion is that the number wasn’t 100 percent, since a human role in climate change is acknowledged by every single prominent climate skeptic including Pat Michaels, Roy Spencer, John Christy, Freeman Dyson, Judith Curry, and Richard Lindzen. Studies like Cook’s seek to establish something that virtually no one is arguing. The real argument is over how much future warming is reasonable to expect. Lindzen, Michaels, and others think that we’ve seen most of the temperature increase we’re likely to see, even with further increases in greenhouse gas levels.”